Company:IP Volume

From HandWiki
IP Volume
FormerlyEcatel, Quasi Networks, Novogara
Founded2005

IP Volume (also known as Ecatel, Quasi Networks, and Novogara) is a hosting company associated with bulletproof hosting services. It has been subject to multiple law enforcement investigations and public scrutiny for hosting child sexual abuse material (CSAM), non-consensually shared explicit imagery (NCSEI), facilitating copyright infringement, and providing infrastructure for cybercrime.

History

Originally founded as Ecatel in 2005 by two Dutch nationals, the company was registered in Kent, United Kingdom, with its operational headquarters located in The Hague, Netherlands.[1] Following a 2011 dispute with a data center in Alphen aan den Rijn where they rented servers, the founders established their own data center, DataOne, in Wormer.[2]

In 2010, the security firm HostExploit named Ecatel the "worst hosting company in the world".[3] Ecatel maintained a fourth-place ranking in 2012.[2]

During a campaign against online child abuse in 2012, the hacktivist collective Anonymous alleged that Ecatel hosted significant amounts of child pornography. Under the banner #OpEcatel, the group targeted the company with DDoS attacks.[4] That same year, at the request of cybersecurity firm FireEye, Dutch authorities seized two Ecatel servers identified as command-and-control hubs for the Grum botnet.[5]

In 2013, a judicial court in The Hague ruled that Ecatel close eighteen websites for selling counterfeit luxury goods.[6] Ecatel won a lawsuit in 2015 filed by the Premier League, which sought to have illegal streams taken offline. In 2018, this decision was reversed, and Ecatel was required to take the streams offline.[7]

Rebranding to Quasi Networks and IP Volume

In December 2015, Ecatel's IP address blocks were transferred to Quasi Networks, registered in the Seychelles.[1] Ecatel was formally dissolved in 2017. In subsequent years, large blocks of IP addresses were transferred to IP Volume, also based in the Seychelles.[2] Despite the offshore registration, investigative reporting indicates the company continues to operate physically from the Netherlands.[8] Other shell companies using the same registration details have purchased services from IP Volume or its predecessors to obscure their operations.[2]

Ecatel was linked to the July 2015 data breach of Ashley Madison, a website facilitating extramarital affairs. One of the servers used to distribute stolen data was traced to Ecatel's infrastructure in Amsterdam.[9]

2019–Present Investigations

In 2019, The New York Times identified IP Volume (then operating as Novogara) as being complicit in the distribution of child sexual abuse material.[10] A 2020 report by the Dutch Ministry of Justice and Security ranked IP Volume as the second-largest host of such material in the Netherlands, linked to 4,500 out of 175,000 verified reports. The ministry noted that unlike other providers who cooperated with authorities, IP Volume deliberately obstructed efforts to remove illicit content.[11]

The FIOD raided IP Volume's data center in September 2020. During the raid, hundreds of thousands of euros worth of Bitcoin, 70,000 euros in cash, five cars, and two tasers were seized.[2]

In 2021, IP Volume was linked to the theft and hijacking of millions of IPv4 addresses from South Africa.[2][12]

In 2025, security researchers from Intrinsec Cyber Threat Intelligence (CTI)[13] reported that IP Volume was observed as a source of massive brute‑force password‑spraying attacks targeting SSL, VPN, and RDP services. The attacks were linked to a cluster of abusive autonomous systems operating from Ukraine and the Seychelles, with rapid IPv4 prefix rotation used to evade blocklists.[14][15]

According to Google Transparency Report, websites using IP Volume were found to be responsible for 10 million reported cases of non-consensually shared explicit imagery (NCSEI) by the end of 2025.[16]

References

  1. 1.0 1.1 Mursch, Troy (16 June 2017). "Quasi Networks responds as we witness the death of The Master Needler (80.82.65.66) for now" (in en). https://badpackets.net/quasi-networks-responds-as-we-witness-the-death-of-the-master-needler-80-82-65-66-for-now/. 
  2. 2.0 2.1 2.2 2.3 2.4 2.5 Houtekamer, Carola; Wassens, Rik (2 April 2021). "Het afvoerputje van het internet zit in een Noord-Hollands dorp" (in nl). https://www.nrc.nl/nieuws/2021/04/02/het-afvoerputje-van-het-internet-zit-in-een-noord-hollands-dorp-a4038329. 
  3. Thompson, Bryn. "HostExploit’s Top 50 Bad Internet Hosts & Networks Cybercrime Report Q1 2010 | HostExploit News" (in en). http://news.hostexploit.com/cybercrime-news/3605-hostexploits-top-50-bad-internet-hosts-a-networks-cybercrime-report-q1-2010.html. 
  4. "Anonymous valt Nederlandse hoster aan - Security.NL" (in nl). https://www.security.nl/posting/37479/Anonymous+valt+Nederlandse+hoster+aan. 
  5. "Grum: Inside The Takedown Of One Of The World’s Biggest Spam Networks – TechCrunch" (in en). TechCrunch. https://techcrunch.com/2012/08/04/grum-inside-the-takedown-of-one-of-the-worlds-biggest-spam-networks/. 
  6. "Kortkolom economie" (in nl). NRC. March 27, 2013. https://www.nrc.nl/nieuws/2013/03/27/kortkolom-economie-12636022-a472690. 
  7. "Hostingbedrijf Ecatel moet illegale streams Premier League staken" (in nl). https://www.emerce.nl/nieuws/hostingbedrijf-ecatel-moet-illegale-streams-premier-league-staken. 
  8. Libbenga, Jan (28 September 2020). "Verdachte bulletproof hoster is oude bekende" (in nl). Emerce. https://www.emerce.nl/nieuws/verdachte-bulletproof-hoster-oude-bekende. 
  9. "Server gelekte data in Amsterdam" (in nl). NRC. 24 August 2015. https://www.nrc.nl/nieuws/2015/08/24/hackers-server-gelekte-data-in-amsterdam-1526643-a218365. 
  10. Dance, Gabriel J.X.. "Fighting the Good Fight Against Online Child Sexual Abuse" (in en). The New York Times. https://www.nytimes.com/interactive/2019/12/22/us/child-sex-abuse-websites-shut-down.html. 
  11. Wassens, Rik (8 October 2020). "Overgrote deel kinderporno staat op servers van vier bedrijven" (in nl). NRC. https://www.nrc.nl/nieuws/2020/10/08/vier-bedrijven-hosten-overgrote-deel-kinderporno-a4015235. 
  12. Luke, Daniel (January 27, 2021). "4 million African web addresses have been stolen – Woolworths, Nedbank also hit". https://www.businessinsider.co.za/4-million-african-web-addresses-have-been-stolen-woolworths-nedbank-also-hit-2021-1. 
  13. Sardinha, David (August 29, 2025). "VAIZ, FDN3, TK-NET : Ukrainian Networks Driving Brute Force Attacks" (in en-US). Intrinsec. https://www.intrinsec.com/vaiz-fdn3-tk-net-ukrainian-networks-driving-brute-force-attacks/. 
  14. Lakshmanan, Ravie (September 2, 2025). "Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices" (in en). The Hacker News. https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html. 
  15. Priya (September 2, 2025). "Massive Surge in SSL VPN and RDP Attacks". https://cyberpress.org/ssl-vpn-rdp-attacks/. 
  16. Maugeri, Luca (December 28, 2025). "2025 Report: 10 Million Abusive URLs from SecuNET/CryptoServers" (in en-US). NCSEI Support Hub. https://ncsei-support.org/articles/2025-report-10-million-abusive-urls-from-secunet-cryptoservers/. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Company:IP_Volume&oldid=4230571"